解决cannot enable executable stack as shared object requires: Permission denied问题

最新推荐文章于 2023-01-09 15:14:39 发布
最新推荐文章于 2023-01-09 15:14:39 发布
阅读量1.2k 收藏
点赞数
文章标签: 运维 python 系统安全
原文链接:https://my.oschina.net/u/209161/blog/3041812
版权

2019独角兽企业重金招聘Python工程师标准>>> hot3.png

启动错误问题排查

1、启动apache服务错误提示。

Starting httpd: httpd: Syntax error on line 211 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot 
load /etc/httpd/modules/libphp5.so into server: libcrypto.so.6: cannot enable executable stack as shared object requires: Permission denied


Starting httpd: httpd: Syntax error on line 211 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot 
load /etc/httpd/modules/libphp5.so into server: libcrypto.so.6: cannot enable executable stack as shared object requires: Permission denied

通过以上错误判断应为selinux问题。

2、尝试关闭selinux,启动apache。

/usr/sbin/setenforce 0
/etc/init.d/httpd start
Starting httpd: [Wed Apr 24 12:37:39 2019]     [  OK  ]

启动成功了。确定是selinux问题。为系统安全,不想关闭selinux改如何解决呢?

解决selinux问题:

1、查看audit.log日志。

/usr/sbin/setenforce 1
less /var/logs/audit/audit.log

type=AVC msg=audit(1556086804.050:571845): avc:  denied  { execstack } for  pid=17397 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontex
t=root:system_r:httpd_t:s0 tclass=processtype=SYSCALL msg=audit(1556086804.050:571845): arch=c000003e syscall=10 success=no exit=-13 a0=7fff31feb000 a1=1000 a2=1000007 a3=4 items=0 
ppid=17394 pid=17397 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=187 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)

2、执行execstack处理。

最简单的解决办法就是执行execstack:
execstack --clear-execstack /lib/libcrypto.so.6
execstack --clear-execstack /lib/libcrypto.so.6

execstack 部分参数如下:
-s --set-execstack
              Mark binary or shared library as requiring executable stack.
-c --clear-execstack
              Mark binary or shared library as not requiring executable stack.
-q --query
              Query executable stack marking of binaries and shared libraries.  For each file it prints either - when executable stack
              is  not  required,  X  when executable stack is required or ?  when it is unknown whether the object requires or doesn’t
              require executable stack (the marking is missing).

通过-q参数查看指定文件是否需要executable stack,如果输出的开头是"-",表示executable stack is  not  required,如果是“X”,表示executable stack is required,如果是“?”,表示未知。
:/root> execstack -q /lib/libcrypto.so.6
? /lib/libcrypto.so.6
:/root> execstack -c /lib/libcrypto.so.6
:/root> execstack -q /lib/libcrypto.so.6
- /lib/libcrypto.so.6
:/root>

3、根据日志生成PP文件。

grep httpd /var/log/audit/audit.log | audit2allow -M httpdfixlocal

******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i httpdfixlocal.pp

4、执行PP文件。

/usr/sbin/semodule -i httpdfixlocal.pp

5、启动httpd,可正常启动。

 

注意:setsebool,semodule等命令需安装如下工具包。

yum install policycoreutils

转载于:https://my.oschina.net/u/209161/blog/3041812

weixin_33814685
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
堆栈执行
againplease的专栏
12-09 684
The GNU Stack QuickstartContent: 1. Introduction 2. Causes of executable stack markings 3. Finding ELFs that ask for an executable stack 4. What needs to be fixed 5. How to fix
解决-BASH: /HOME/JAVA/JDK1.8.0_221/BIN/JAVA: 权限不够问题
08-25
主要介绍了解决-BASH: /HOME/JAVA/JDK1.8.0_221/BIN/JAVA: 权限不够的问题,需要的朋友可以参考下
opencv3.3 python2.7 linux子系统 树莓派 编译记录
u014303844的专栏
12-24 1919
linux终端上编译安装opencv3.3.0, python import 异常 cannot enable executable stack as shared object requires解决方案
XAMPP启动中的一些问题解决办法
jonathanlin2008的专栏
02-27 8378
<br />问题:<br />[root@localhost lampp]# ./lampp start<br /> Starting XAMPP for Linux 1.7.4...<br /> /opt/lampp/bin/php: error while loading shared libraries: libz.so.1: cannot enable executable stack as shared object requires: Permission denied<br /> XAM
python3堆栈,Python3.4错误-无法作为共享对象要求启用可执行堆栈:无效的参数
weixin_39570838的博客
11-24 103
I've been trying to install OpenCV in a Bash on Windows (Windows Subsystem for Linux, wsl) environment and it's been proving very difficult.I think I'm getting very close, but upon entering python, im...
Gcc链接选项
自定义安装golang
12-06 1万+
关于gcc链接选项可以通过页面https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html#index-z。一般通过-Wl,option来传递参数给链接器。 -soname -soname用于指定动态链接库名字,用法:-Wl,-soname,libxxx.so。 --gc-sections --gc-sections表示依赖库中不使用的sectio...
python3堆栈_Python3.4错误-无法作为共享对象要求启用可执行堆栈:无效的参数
weixin_39636245的博客
11-24 112
I've been trying to install OpenCV in a Bash on Windows (Windows Subsystem for Linux, wsl) environment and it's been proving very difficult.I think I'm getting very close, but upon entering python, im...
解决idea 拉取代码出现的 “ Сannot Run Git Cannot identify version of git executable: no response“的问题
08-24
主要介绍了解决idea 拉取代码出现的 “ Сannot Run Git Cannot identify version of git executable: no response“的问题,需要的朋友可以参考下
Microsoft Portable Executable and Common Object File Format Specification - 1999 (pecoff)-计算机科学
04-22
Microsoft Portable Executable and Common Object File Format SpecificationMicrosoft Corporation Revision 6.0 - February 1999Note This document is provided to aid in the development of tools and ...
CATIACAA二次开发中的shared libarary 和executable两种模式的区别
04-19
详细的描述了可执行模块和共享模块之间的区别,以及如何使用可执行模块和共享模块,如何设置可执行模块的启动项及操作
解决centos9安装mongodb数据库错误:mongod: error while loading shared libraries: libcrypto.so.1.1: cannot open
入佛门六根不净,入商场狼性不足
01-09 2337
mongod: error while loading shared libraries: libcrypto.so.1.1: cannot open
[重庆思庄每日技术分享]-oracle EM13.4 安装失败之后的处理
XIANHUAFANG的博客
07-01 320
EM13.4:Install/Upgrade of Enterprise Manager Cloud Control on Linux Fails withan Error: "Failed to start Enterprise Manager. Diagnostic code 1" (DocID 2637385.1)In this DocumentSymptomsChangesCauseSolutionAPPLIES TO:Enterprise Manager Base Platform - Versi
常用的gcc程序保护命令
sinat_31608641的博客
11-30 1675
NX:-z execstack / -z noexecstack (关闭 / 开启) 不让执行栈上的数据,于是JMP ESP就不能用了 Canary:-fno-stack-protector /-fstack-protector / -fstack-protector-all(关闭 / 开启 / 全开启) 栈里插入cookie信息 PIE:-no-pie / -pie (关闭 / 开启) 地址随机化,另外打开后会有get_pc_thunk RELRO:-z norelro / -z lazy / -.
关于Linux下gcc 编译 C 源文件时,生成的是Shared object file而不是Executable file
czw
10-25 1万+
最近在Debian下写C时,发现用readelf命令查看编译后的可执行文件类型时,发现文件类型是DYN (Shared object file),而不是EXEC (Executable file)。 -&amp;gt; % readelf -h a.out ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Cl...
在Fedora13/14,CentOS或RHEL5.5/6上安装Eclipse SDK 3.6.1
googling的专栏
01-18 1582
<br />初学Java,想在Fedora12下面装个Eclipse。<br />解压eclipse后,运行出现错误:<br />/usr/java/jdk1.6.0_22/bin/../jre/lib/i386/client/libjvm.so: cannot enable executable stack as shared object requires: Permission denied<br />在网上找到一篇文章,解决问题。<br />http://www.if-not-true-then-
12C ORA-错误汇总7 ORA-09870 to ORA-12100
热门推荐
badman250的专栏
03-02 3万+
ORA-09870 to ORA-12100 8 ORA-09870: spini: failure initializing maximum number of open files. Cause: ulimit system call returned an error. Action: Check errno. ORA-09871: TASDEF_NAME: translation
error while loading shared libraries: libvrc.so: cannot open shared object file: No such file or directory如何解决
最新发布
04-21
这个错误通常是由于系统找不到所需的共享库文件导致的。解决方法如下: 1. 确认库文件是否存在:...如果以上方法无法解决问题,请提供更多关于错误的详细信息,例如操作系统和软件版本等,以便更好地帮助您解决问题

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值